SSL Certificate and Subject Alternate Name (SAN)

If your host name has multiple DNS entries, rather than requesting separate SSL certificate for each host name you can request the Subject Alternate Name (SAN) to be included in your SSL request.

If this is your first time generating a CSR, you can include the SAN information in the CSR. This process has been automated via a python script by the technical staff at UC Berkeley. More information can be found here: https://wikihub.berkeley.edu/display/calnet/CalNet+InCommon-Comodo+Certificate+Service#CalNetInCommon-ComodoCertificateService-GenFAQ

Note: If you use the python script, please make necessary changes under the [ req_distinguished_name ] section in the script. For more information on openSSL input parameters, you can use the reference here: http://www.openssl.org/docs/apps/req.html. For example, i wanted to add emailAddress to the CSR, I simply edit the script and added emailAddress=xxx@xxx.xxx.xxx right below the [ req_distinguished_name ]

If you already have a SSL certificate issued and currently in use, a SAN can be added to existing cert without having to generate a new CSR or to revoke existing cert. In this case, contact your CERT authority to make this arrangement.

This article assumes you are using InCommon-Comodo Certifcate Service. If you are using other Cert providers, please check with your vendor